[Reversing] Windows System Call Table_Windows 7 x86
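참조
> https://github.com/j00ru/windows-syscalls

아래 표는 위 저장소를 참조한 Windows 7 x86(SP0, SP1)의 시스템 콜 이름과 번호(10진수) 대응표이다. 시스템 콜 번호는 Windows 버전·서비스 팩·아키텍처(x86/x64)에 따라 달라지므로, 분석 대상의 OS 빌드와 일치하는지 확인한 뒤 사용해야 한다.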
"Windows 7": {
"SP0": {
"NtAcceptConnectPort": 0,
"NtAccessCheck": 1,
"NtAccessCheckAndAuditAlarm": 2,
"NtAccessCheckByType": 3,
"NtAccessCheckByTypeAndAuditAlarm": 4,
"NtAccessCheckByTypeResultList": 5,
"NtAccessCheckByTypeResultListAndAuditAlarm": 6,
"NtAccessCheckByTypeResultListAndAuditAlarmByHandle": 7,
"NtAddAtom": 8,
"NtAddBootEntry": 9,
"NtAddDriverEntry": 10,
"NtAdjustGroupsToken": 11,
"NtAdjustPrivilegesToken": 12,
"NtAlertResumeThread": 13,
"NtAlertThread": 14,
"NtAllocateLocallyUniqueId": 15,
"NtAllocateReserveObject": 16,
"NtAllocateUserPhysicalPages": 17,
"NtAllocateUuids": 18,
"NtAllocateVirtualMemory": 19,
"NtAlpcAcceptConnectPort": 20,
"NtAlpcCancelMessage": 21,
"NtAlpcConnectPort": 22,
"NtAlpcCreatePort": 23,
"NtAlpcCreatePortSection": 24,
"NtAlpcCreateResourceReserve": 25,
"NtAlpcCreateSectionView": 26,
"NtAlpcCreateSecurityContext": 27,
"NtAlpcDeletePortSection": 28,
"NtAlpcDeleteResourceReserve": 29,
"NtAlpcDeleteSectionView": 30,
"NtAlpcDeleteSecurityContext": 31,
"NtAlpcDisconnectPort": 32,
"NtAlpcImpersonateClientOfPort": 33,
"NtAlpcOpenSenderProcess": 34,
"NtAlpcOpenSenderThread": 35,
"NtAlpcQueryInformation": 36,
"NtAlpcQueryInformationMessage": 37,
"NtAlpcRevokeSecurityContext": 38,
"NtAlpcSendWaitReceivePort": 39,
"NtAlpcSetInformation": 40,
"NtApphelpCacheControl": 41,
"NtAreMappedFilesTheSame": 42,
"NtAssignProcessToJobObject": 43,
"NtCallbackReturn": 44,
"NtCancelIoFile": 45,
"NtCancelIoFileEx": 46,
"NtCancelSynchronousIoFile": 47,
"NtCancelTimer": 48,
"NtClearEvent": 49,
"NtClose": 50,
"NtCloseObjectAuditAlarm": 51,
"NtCommitComplete": 52,
"NtCommitEnlistment": 53,
"NtCommitTransaction": 54,
"NtCompactKeys": 55,
"NtCompareTokens": 56,
"NtCompleteConnectPort": 57,
"NtCompressKey": 58,
"NtConnectPort": 59,
"NtContinue": 60,
"NtCreateDebugObject": 61,
"NtCreateDirectoryObject": 62,
"NtCreateEnlistment": 63,
"NtCreateEvent": 64,
"NtCreateEventPair": 65,
"NtCreateFile": 66,
"NtCreateIoCompletion": 67,
"NtCreateJobObject": 68,
"NtCreateJobSet": 69,
"NtCreateKey": 70,
"NtCreateKeyedEvent": 71,
"NtCreateKeyTransacted": 72,
"NtCreateMailslotFile": 73,
"NtCreateMutant": 74,
"NtCreateNamedPipeFile": 75,
"NtCreatePagingFile": 76,
"NtCreatePort": 77,
"NtCreatePrivateNamespace": 78,
"NtCreateProcess": 79,
"NtCreateProcessEx": 80,
"NtCreateProfile": 81,
"NtCreateProfileEx": 82,
"NtCreateResourceManager": 83,
"NtCreateSection": 84,
"NtCreateSemaphore": 85,
"NtCreateSymbolicLinkObject": 86,
"NtCreateThread": 87,
"NtCreateThreadEx": 88,
"NtCreateTimer": 89,
"NtCreateToken": 90,
"NtCreateTransaction": 91,
"NtCreateTransactionManager": 92,
"NtCreateUserProcess": 93,
"NtCreateWaitablePort": 94,
"NtCreateWorkerFactory": 95,
"NtDebugActiveProcess": 96,
"NtDebugContinue": 97,
"NtDelayExecution": 98,
"NtDeleteAtom": 99,
"NtDeleteBootEntry": 100,
"NtDeleteDriverEntry": 101,
"NtDeleteFile": 102,
"NtDeleteKey": 103,
"NtDeleteObjectAuditAlarm": 104,
"NtDeletePrivateNamespace": 105,
"NtDeleteValueKey": 106,
"NtDeviceIoControlFile": 107,
"NtDisableLastKnownGood": 108,
"NtDisplayString": 109,
"NtDrawText": 110,
"NtDuplicateObject": 111,
"NtDuplicateToken": 112,
"NtEnableLastKnownGood": 113,
"NtEnumerateBootEntries": 114,
"NtEnumerateDriverEntries": 115,
"NtEnumerateKey": 116,
"NtEnumerateSystemEnvironmentValuesEx": 117,
"NtEnumerateTransactionObject": 118,
"NtEnumerateValueKey": 119,
"NtExtendSection": 120,
"NtFilterToken": 121,
"NtFindAtom": 122,
"NtFlushBuffersFile": 123,
"NtFlushInstallUILanguage": 124,
"NtFlushInstructionCache": 125,
"NtFlushKey": 126,
"NtFlushProcessWriteBuffers": 127,
"NtFlushVirtualMemory": 128,
"NtFlushWriteBuffer": 129,
"NtFreeUserPhysicalPages": 130,
"NtFreeVirtualMemory": 131,
"NtFreezeRegistry": 132,
"NtFreezeTransactions": 133,
"NtFsControlFile": 134,
"NtGetContextThread": 135,
"NtGetCurrentProcessorNumber": 136,
"NtGetDevicePowerState": 137,
"NtGetMUIRegistryInfo": 138,
"NtGetNextProcess": 139,
"NtGetNextThread": 140,
"NtGetNlsSectionPtr": 141,
"NtGetNotificationResourceManager": 142,
"NtGetPlugPlayEvent": 143,
"NtGetWriteWatch": 144,
"NtImpersonateAnonymousToken": 145,
"NtImpersonateClientOfPort": 146,
"NtImpersonateThread": 147,
"NtInitializeNlsFiles": 148,
"NtInitializeRegistry": 149,
"NtInitiatePowerAction": 150,
"NtIsProcessInJob": 151,
"NtIsSystemResumeAutomatic": 152,
"NtIsUILanguageComitted": 153,
"NtListenPort": 154,
"NtLoadDriver": 155,
"NtLoadKey": 156,
"NtLoadKey2": 157,
"NtLoadKeyEx": 158,
"NtLockFile": 159,
"NtLockProductActivationKeys": 160,
"NtLockRegistryKey": 161,
"NtLockVirtualMemory": 162,
"NtMakePermanentObject": 163,
"NtMakeTemporaryObject": 164,
"NtMapCMFModule": 165,
"NtMapUserPhysicalPages": 166,
"NtMapUserPhysicalPagesScatter": 167,
"NtMapViewOfSection": 168,
"NtModifyBootEntry": 169,
"NtModifyDriverEntry": 170,
"NtNotifyChangeDirectoryFile": 171,
"NtNotifyChangeKey": 172,
"NtNotifyChangeMultipleKeys": 173,
"NtNotifyChangeSession": 174,
"NtOpenDirectoryObject": 175,
"NtOpenEnlistment": 176,
"NtOpenEvent": 177,
"NtOpenEventPair": 178,
"NtOpenFile": 179,
"NtOpenIoCompletion": 180,
"NtOpenJobObject": 181,
"NtOpenKey": 182,
"NtOpenKeyEx": 183,
"NtOpenKeyedEvent": 184,
"NtOpenKeyTransacted": 185,
"NtOpenKeyTransactedEx": 186,
"NtOpenMutant": 187,
"NtOpenObjectAuditAlarm": 188,
"NtOpenPrivateNamespace": 189,
"NtOpenProcess": 190,
"NtOpenProcessToken": 191,
"NtOpenProcessTokenEx": 192,
"NtOpenResourceManager": 193,
"NtOpenSection": 194,
"NtOpenSemaphore": 195,
"NtOpenSession": 196,
"NtOpenSymbolicLinkObject": 197,
"NtOpenThread": 198,
"NtOpenThreadToken": 199,
"NtOpenThreadTokenEx": 200,
"NtOpenTimer": 201,
"NtOpenTransaction": 202,
"NtOpenTransactionManager": 203,
"NtPlugPlayControl": 204,
"NtPowerInformation": 205,
"NtPrepareComplete": 206,
"NtPrepareEnlistment": 207,
"NtPrePrepareComplete": 208,
"NtPrePrepareEnlistment": 209,
"NtPrivilegeCheck": 210,
"NtPrivilegedServiceAuditAlarm": 211,
"NtPrivilegeObjectAuditAlarm": 212,
"NtPropagationComplete": 213,
"NtPropagationFailed": 214,
"NtProtectVirtualMemory": 215,
"NtPulseEvent": 216,
"NtQueryAttributesFile": 217,
"NtQueryBootEntryOrder": 218,
"NtQueryBootOptions": 219,
"NtQueryDebugFilterState": 220,
"NtQueryDefaultLocale": 221,
"NtQueryDefaultUILanguage": 222,
"NtQueryDirectoryFile": 223,
"NtQueryDirectoryObject": 224,
"NtQueryDriverEntryOrder": 225,
"NtQueryEaFile": 226,
"NtQueryEvent": 227,
"NtQueryFullAttributesFile": 228,
"NtQueryInformationAtom": 229,
"NtQueryInformationEnlistment": 230,
"NtQueryInformationFile": 231,
"NtQueryInformationJobObject": 232,
"NtQueryInformationPort": 233,
"NtQueryInformationProcess": 234,
"NtQueryInformationResourceManager": 235,
"NtQueryInformationThread": 236,
"NtQueryInformationToken": 237,
"NtQueryInformationTransaction": 238,
"NtQueryInformationTransactionManager": 239,
"NtQueryInformationWorkerFactory": 240,
"NtQueryInstallUILanguage": 241,
"NtQueryIntervalProfile": 242,
"NtQueryIoCompletion": 243,
"NtQueryKey": 244,
"NtQueryLicenseValue": 245,
"NtQueryMultipleValueKey": 246,
"NtQueryMutant": 247,
"NtQueryObject": 248,
"NtQueryOpenSubKeys": 249,
"NtQueryOpenSubKeysEx": 250,
"NtQueryPerformanceCounter": 251,
"NtQueryPortInformationProcess": 252,
"NtQueryQuotaInformationFile": 253,
"NtQuerySection": 254,
"NtQuerySecurityAttributesToken": 255,
"NtQuerySecurityObject": 256,
"NtQuerySemaphore": 257,
"NtQuerySymbolicLinkObject": 258,
"NtQuerySystemEnvironmentValue": 259,
"NtQuerySystemEnvironmentValueEx": 260,
"NtQuerySystemInformation": 261,
"NtQuerySystemInformationEx": 262,
"NtQuerySystemTime": 263,
"NtQueryTimer": 264,
"NtQueryTimerResolution": 265,
"NtQueryValueKey": 266,
"NtQueryVirtualMemory": 267,
"NtQueryVolumeInformationFile": 268,
"NtQueueApcThread": 269,
"NtQueueApcThreadEx": 270,
"NtRaiseException": 271,
"NtRaiseHardError": 272,
"NtReadFile": 273,
"NtReadFileScatter": 274,
"NtReadOnlyEnlistment": 275,
"NtReadRequestData": 276,
"NtReadVirtualMemory": 277,
"NtRecoverEnlistment": 278,
"NtRecoverResourceManager": 279,
"NtRecoverTransactionManager": 280,
"NtRegisterProtocolAddressInformation": 281,
"NtRegisterThreadTerminatePort": 282,
"NtReleaseKeyedEvent": 283,
"NtReleaseMutant": 284,
"NtReleaseSemaphore": 285,
"NtReleaseWorkerFactoryWorker": 286,
"NtRemoveIoCompletion": 287,
"NtRemoveIoCompletionEx": 288,
"NtRemoveProcessDebug": 289,
"NtRenameKey": 290,
"NtRenameTransactionManager": 291,
"NtReplaceKey": 292,
"NtReplacePartitionUnit": 293,
"NtReplyPort": 294,
"NtReplyWaitReceivePort": 295,
"NtReplyWaitReceivePortEx": 296,
"NtReplyWaitReplyPort": 297,
"NtRequestPort": 298,
"NtRequestWaitReplyPort": 299,
"NtResetEvent": 300,
"NtResetWriteWatch": 301,
"NtRestoreKey": 302,
"NtResumeProcess": 303,
"NtResumeThread": 304,
"NtRollbackComplete": 305,
"NtRollbackEnlistment": 306,
"NtRollbackTransaction": 307,
"NtRollforwardTransactionManager": 308,
"NtSaveKey": 309,
"NtSaveKeyEx": 310,
"NtSaveMergedKeys": 311,
"NtSecureConnectPort": 312,
"NtSerializeBoot": 313,
"NtSetBootEntryOrder": 314,
"NtSetBootOptions": 315,
"NtSetContextThread": 316,
"NtSetDebugFilterState": 317,
"NtSetDefaultHardErrorPort": 318,
"NtSetDefaultLocale": 319,
"NtSetDefaultUILanguage": 320,
"NtSetDriverEntryOrder": 321,
"NtSetEaFile": 322,
"NtSetEvent": 323,
"NtSetEventBoostPriority": 324,
"NtSetHighEventPair": 325,
"NtSetHighWaitLowEventPair": 326,
"NtSetInformationDebugObject": 327,
"NtSetInformationEnlistment": 328,
"NtSetInformationFile": 329,
"NtSetInformationJobObject": 330,
"NtSetInformationKey": 331,
"NtSetInformationObject": 332,
"NtSetInformationProcess": 333,
"NtSetInformationResourceManager": 334,
"NtSetInformationThread": 335,
"NtSetInformationToken": 336,
"NtSetInformationTransaction": 337,
"NtSetInformationTransactionManager": 338,
"NtSetInformationWorkerFactory": 339,
"NtSetIntervalProfile": 340,
"NtSetIoCompletion": 341,
"NtSetIoCompletionEx": 342,
"NtSetLdtEntries": 343,
"NtSetLowEventPair": 344,
"NtSetLowWaitHighEventPair": 345,
"NtSetQuotaInformationFile": 346,
"NtSetSecurityObject": 347,
"NtSetSystemEnvironmentValue": 348,
"NtSetSystemEnvironmentValueEx": 349,
"NtSetSystemInformation": 350,
"NtSetSystemPowerState": 351,
"NtSetSystemTime": 352,
"NtSetThreadExecutionState": 353,
"NtSetTimer": 354,
"NtSetTimerEx": 355,
"NtSetTimerResolution": 356,
"NtSetUuidSeed": 357,
"NtSetValueKey": 358,
"NtSetVolumeInformationFile": 359,
"NtShutdownSystem": 360,
"NtShutdownWorkerFactory": 361,
"NtSignalAndWaitForSingleObject": 362,
"NtSinglePhaseReject": 363,
"NtStartProfile": 364,
"NtStopProfile": 365,
"NtSuspendProcess": 366,
"NtSuspendThread": 367,
"NtSystemDebugControl": 368,
"NtTerminateJobObject": 369,
"NtTerminateProcess": 370,
"NtTerminateThread": 371,
"NtTestAlert": 372,
"NtThawRegistry": 373,
"NtThawTransactions": 374,
"NtTraceControl": 375,
"NtTraceEvent": 376,
"NtTranslateFilePath": 377,
"NtUmsThreadYield": 378,
"NtUnloadDriver": 379,
"NtUnloadKey": 380,
"NtUnloadKey2": 381,
"NtUnloadKeyEx": 382,
"NtUnlockFile": 383,
"NtUnlockVirtualMemory": 384,
"NtUnmapViewOfSection": 385,
"NtVdmControl": 386,
"NtWaitForDebugEvent": 387,
"NtWaitForKeyedEvent": 388,
"NtWaitForMultipleObjects": 389,
"NtWaitForMultipleObjects32": 390,
"NtWaitForSingleObject": 391,
"NtWaitForWorkViaWorkerFactory": 392,
"NtWaitHighEventPair": 393,
"NtWaitLowEventPair": 394,
"NtWorkerFactoryWorkerReady": 395,
"NtWriteFile": 396,
"NtWriteFileGather": 397,
"NtWriteRequestData": 398,
"NtWriteVirtualMemory": 399,
"NtYieldExecution": 400
},
"SP1": {
"NtAcceptConnectPort": 0,
"NtAccessCheck": 1,
"NtAccessCheckAndAuditAlarm": 2,
"NtAccessCheckByType": 3,
"NtAccessCheckByTypeAndAuditAlarm": 4,
"NtAccessCheckByTypeResultList": 5,
"NtAccessCheckByTypeResultListAndAuditAlarm": 6,
"NtAccessCheckByTypeResultListAndAuditAlarmByHandle": 7,
"NtAddAtom": 8,
"NtAddBootEntry": 9,
"NtAddDriverEntry": 10,
"NtAdjustGroupsToken": 11,
"NtAdjustPrivilegesToken": 12,
"NtAlertResumeThread": 13,
"NtAlertThread": 14,
"NtAllocateLocallyUniqueId": 15,
"NtAllocateReserveObject": 16,
"NtAllocateUserPhysicalPages": 17,
"NtAllocateUuids": 18,
"NtAllocateVirtualMemory": 19,
"NtAlpcAcceptConnectPort": 20,
"NtAlpcCancelMessage": 21,
"NtAlpcConnectPort": 22,
"NtAlpcCreatePort": 23,
"NtAlpcCreatePortSection": 24,
"NtAlpcCreateResourceReserve": 25,
"NtAlpcCreateSectionView": 26,
"NtAlpcCreateSecurityContext": 27,
"NtAlpcDeletePortSection": 28,
"NtAlpcDeleteResourceReserve": 29,
"NtAlpcDeleteSectionView": 30,
"NtAlpcDeleteSecurityContext": 31,
"NtAlpcDisconnectPort": 32,
"NtAlpcImpersonateClientOfPort": 33,
"NtAlpcOpenSenderProcess": 34,
"NtAlpcOpenSenderThread": 35,
"NtAlpcQueryInformation": 36,
"NtAlpcQueryInformationMessage": 37,
"NtAlpcRevokeSecurityContext": 38,
"NtAlpcSendWaitReceivePort": 39,
"NtAlpcSetInformation": 40,
"NtApphelpCacheControl": 41,
"NtAreMappedFilesTheSame": 42,
"NtAssignProcessToJobObject": 43,
"NtCallbackReturn": 44,
"NtCancelIoFile": 45,
"NtCancelIoFileEx": 46,
"NtCancelSynchronousIoFile": 47,
"NtCancelTimer": 48,
"NtClearEvent": 49,
"NtClose": 50,
"NtCloseObjectAuditAlarm": 51,
"NtCommitComplete": 52,
"NtCommitEnlistment": 53,
"NtCommitTransaction": 54,
"NtCompactKeys": 55,
"NtCompareTokens": 56,
"NtCompleteConnectPort": 57,
"NtCompressKey": 58,
"NtConnectPort": 59,
"NtContinue": 60,
"NtCreateDebugObject": 61,
"NtCreateDirectoryObject": 62,
"NtCreateEnlistment": 63,
"NtCreateEvent": 64,
"NtCreateEventPair": 65,
"NtCreateFile": 66,
"NtCreateIoCompletion": 67,
"NtCreateJobObject": 68,
"NtCreateJobSet": 69,
"NtCreateKey": 70,
"NtCreateKeyedEvent": 71,
"NtCreateKeyTransacted": 72,
"NtCreateMailslotFile": 73,
"NtCreateMutant": 74,
"NtCreateNamedPipeFile": 75,
"NtCreatePagingFile": 76,
"NtCreatePort": 77,
"NtCreatePrivateNamespace": 78,
"NtCreateProcess": 79,
"NtCreateProcessEx": 80,
"NtCreateProfile": 81,
"NtCreateProfileEx": 82,
"NtCreateResourceManager": 83,
"NtCreateSection": 84,
"NtCreateSemaphore": 85,
"NtCreateSymbolicLinkObject": 86,
"NtCreateThread": 87,
"NtCreateThreadEx": 88,
"NtCreateTimer": 89,
"NtCreateToken": 90,
"NtCreateTransaction": 91,
"NtCreateTransactionManager": 92,
"NtCreateUserProcess": 93,
"NtCreateWaitablePort": 94,
"NtCreateWorkerFactory": 95,
"NtDebugActiveProcess": 96,
"NtDebugContinue": 97,
"NtDelayExecution": 98,
"NtDeleteAtom": 99,
"NtDeleteBootEntry": 100,
"NtDeleteDriverEntry": 101,
"NtDeleteFile": 102,
"NtDeleteKey": 103,
"NtDeleteObjectAuditAlarm": 104,
"NtDeletePrivateNamespace": 105,
"NtDeleteValueKey": 106,
"NtDeviceIoControlFile": 107,
"NtDisableLastKnownGood": 108,
"NtDisplayString": 109,
"NtDrawText": 110,
"NtDuplicateObject": 111,
"NtDuplicateToken": 112,
"NtEnableLastKnownGood": 113,
"NtEnumerateBootEntries": 114,
"NtEnumerateDriverEntries": 115,
"NtEnumerateKey": 116,
"NtEnumerateSystemEnvironmentValuesEx": 117,
"NtEnumerateTransactionObject": 118,
"NtEnumerateValueKey": 119,
"NtExtendSection": 120,
"NtFilterToken": 121,
"NtFindAtom": 122,
"NtFlushBuffersFile": 123,
"NtFlushInstallUILanguage": 124,
"NtFlushInstructionCache": 125,
"NtFlushKey": 126,
"NtFlushProcessWriteBuffers": 127,
"NtFlushVirtualMemory": 128,
"NtFlushWriteBuffer": 129,
"NtFreeUserPhysicalPages": 130,
"NtFreeVirtualMemory": 131,
"NtFreezeRegistry": 132,
"NtFreezeTransactions": 133,
"NtFsControlFile": 134,
"NtGetContextThread": 135,
"NtGetCurrentProcessorNumber": 136,
"NtGetDevicePowerState": 137,
"NtGetMUIRegistryInfo": 138,
"NtGetNextProcess": 139,
"NtGetNextThread": 140,
"NtGetNlsSectionPtr": 141,
"NtGetNotificationResourceManager": 142,
"NtGetPlugPlayEvent": 143,
"NtGetWriteWatch": 144,
"NtImpersonateAnonymousToken": 145,
"NtImpersonateClientOfPort": 146,
"NtImpersonateThread": 147,
"NtInitializeNlsFiles": 148,
"NtInitializeRegistry": 149,
"NtInitiatePowerAction": 150,
"NtIsProcessInJob": 151,
"NtIsSystemResumeAutomatic": 152,
"NtIsUILanguageComitted": 153,
"NtListenPort": 154,
"NtLoadDriver": 155,
"NtLoadKey": 156,
"NtLoadKey2": 157,
"NtLoadKeyEx": 158,
"NtLockFile": 159,
"NtLockProductActivationKeys": 160,
"NtLockRegistryKey": 161,
"NtLockVirtualMemory": 162,
"NtMakePermanentObject": 163,
"NtMakeTemporaryObject": 164,
"NtMapCMFModule": 165,
"NtMapUserPhysicalPages": 166,
"NtMapUserPhysicalPagesScatter": 167,
"NtMapViewOfSection": 168,
"NtModifyBootEntry": 169,
"NtModifyDriverEntry": 170,
"NtNotifyChangeDirectoryFile": 171,
"NtNotifyChangeKey": 172,
"NtNotifyChangeMultipleKeys": 173,
"NtNotifyChangeSession": 174,
"NtOpenDirectoryObject": 175,
"NtOpenEnlistment": 176,
"NtOpenEvent": 177,
"NtOpenEventPair": 178,
"NtOpenFile": 179,
"NtOpenIoCompletion": 180,
"NtOpenJobObject": 181,
"NtOpenKey": 182,
"NtOpenKeyEx": 183,
"NtOpenKeyedEvent": 184,
"NtOpenKeyTransacted": 185,
"NtOpenKeyTransactedEx": 186,
"NtOpenMutant": 187,
"NtOpenObjectAuditAlarm": 188,
"NtOpenPrivateNamespace": 189,
"NtOpenProcess": 190,
"NtOpenProcessToken": 191,
"NtOpenProcessTokenEx": 192,
"NtOpenResourceManager": 193,
"NtOpenSection": 194,
"NtOpenSemaphore": 195,
"NtOpenSession": 196,
"NtOpenSymbolicLinkObject": 197,
"NtOpenThread": 198,
"NtOpenThreadToken": 199,
"NtOpenThreadTokenEx": 200,
"NtOpenTimer": 201,
"NtOpenTransaction": 202,
"NtOpenTransactionManager": 203,
"NtPlugPlayControl": 204,
"NtPowerInformation": 205,
"NtPrepareComplete": 206,
"NtPrepareEnlistment": 207,
"NtPrePrepareComplete": 208,
"NtPrePrepareEnlistment": 209,
"NtPrivilegeCheck": 210,
"NtPrivilegedServiceAuditAlarm": 211,
"NtPrivilegeObjectAuditAlarm": 212,
"NtPropagationComplete": 213,
"NtPropagationFailed": 214,
"NtProtectVirtualMemory": 215,
"NtPulseEvent": 216,
"NtQueryAttributesFile": 217,
"NtQueryBootEntryOrder": 218,
"NtQueryBootOptions": 219,
"NtQueryDebugFilterState": 220,
"NtQueryDefaultLocale": 221,
"NtQueryDefaultUILanguage": 222,
"NtQueryDirectoryFile": 223,
"NtQueryDirectoryObject": 224,
"NtQueryDriverEntryOrder": 225,
"NtQueryEaFile": 226,
"NtQueryEvent": 227,
"NtQueryFullAttributesFile": 228,
"NtQueryInformationAtom": 229,
"NtQueryInformationEnlistment": 230,
"NtQueryInformationFile": 231,
"NtQueryInformationJobObject": 232,
"NtQueryInformationPort": 233,
"NtQueryInformationProcess": 234,
"NtQueryInformationResourceManager": 235,
"NtQueryInformationThread": 236,
"NtQueryInformationToken": 237,
"NtQueryInformationTransaction": 238,
"NtQueryInformationTransactionManager": 239,
"NtQueryInformationWorkerFactory": 240,
"NtQueryInstallUILanguage": 241,
"NtQueryIntervalProfile": 242,
"NtQueryIoCompletion": 243,
"NtQueryKey": 244,
"NtQueryLicenseValue": 245,
"NtQueryMultipleValueKey": 246,
"NtQueryMutant": 247,
"NtQueryObject": 248,
"NtQueryOpenSubKeys": 249,
"NtQueryOpenSubKeysEx": 250,
"NtQueryPerformanceCounter": 251,
"NtQueryPortInformationProcess": 252,
"NtQueryQuotaInformationFile": 253,
"NtQuerySection": 254,
"NtQuerySecurityAttributesToken": 255,
"NtQuerySecurityObject": 256,
"NtQuerySemaphore": 257,
"NtQuerySymbolicLinkObject": 258,
"NtQuerySystemEnvironmentValue": 259,
"NtQuerySystemEnvironmentValueEx": 260,
"NtQuerySystemInformation": 261,
"NtQuerySystemInformationEx": 262,
"NtQuerySystemTime": 263,
"NtQueryTimer": 264,
"NtQueryTimerResolution": 265,
"NtQueryValueKey": 266,
"NtQueryVirtualMemory": 267,
"NtQueryVolumeInformationFile": 268,
"NtQueueApcThread": 269,
"NtQueueApcThreadEx": 270,
"NtRaiseException": 271,
"NtRaiseHardError": 272,
"NtReadFile": 273,
"NtReadFileScatter": 274,
"NtReadOnlyEnlistment": 275,
"NtReadRequestData": 276,
"NtReadVirtualMemory": 277,
"NtRecoverEnlistment": 278,
"NtRecoverResourceManager": 279,
"NtRecoverTransactionManager": 280,
"NtRegisterProtocolAddressInformation": 281,
"NtRegisterThreadTerminatePort": 282,
"NtReleaseKeyedEvent": 283,
"NtReleaseMutant": 284,
"NtReleaseSemaphore": 285,
"NtReleaseWorkerFactoryWorker": 286,
"NtRemoveIoCompletion": 287,
"NtRemoveIoCompletionEx": 288,
"NtRemoveProcessDebug": 289,
"NtRenameKey": 290,
"NtRenameTransactionManager": 291,
"NtReplaceKey": 292,
"NtReplacePartitionUnit": 293,
"NtReplyPort": 294,
"NtReplyWaitReceivePort": 295,
"NtReplyWaitReceivePortEx": 296,
"NtReplyWaitReplyPort": 297,
"NtRequestPort": 298,
"NtRequestWaitReplyPort": 299,
"NtResetEvent": 300,
"NtResetWriteWatch": 301,
"NtRestoreKey": 302,
"NtResumeProcess": 303,
"NtResumeThread": 304,
"NtRollbackComplete": 305,
"NtRollbackEnlistment": 306,
"NtRollbackTransaction": 307,
"NtRollforwardTransactionManager": 308,
"NtSaveKey": 309,
"NtSaveKeyEx": 310,
"NtSaveMergedKeys": 311,
"NtSecureConnectPort": 312,
"NtSerializeBoot": 313,
"NtSetBootEntryOrder": 314,
"NtSetBootOptions": 315,
"NtSetContextThread": 316,
"NtSetDebugFilterState": 317,
"NtSetDefaultHardErrorPort": 318,
"NtSetDefaultLocale": 319,
"NtSetDefaultUILanguage": 320,
"NtSetDriverEntryOrder": 321,
"NtSetEaFile": 322,
"NtSetEvent": 323,
"NtSetEventBoostPriority": 324,
"NtSetHighEventPair": 325,
"NtSetHighWaitLowEventPair": 326,
"NtSetInformationDebugObject": 327,
"NtSetInformationEnlistment": 328,
"NtSetInformationFile": 329,
"NtSetInformationJobObject": 330,
"NtSetInformationKey": 331,
"NtSetInformationObject": 332,
"NtSetInformationProcess": 333,
"NtSetInformationResourceManager": 334,
"NtSetInformationThread": 335,
"NtSetInformationToken": 336,
"NtSetInformationTransaction": 337,
"NtSetInformationTransactionManager": 338,
"NtSetInformationWorkerFactory": 339,
"NtSetIntervalProfile": 340,
"NtSetIoCompletion": 341,
"NtSetIoCompletionEx": 342,
"NtSetLdtEntries": 343,
"NtSetLowEventPair": 344,
"NtSetLowWaitHighEventPair": 345,
"NtSetQuotaInformationFile": 346,
"NtSetSecurityObject": 347,
"NtSetSystemEnvironmentValue": 348,
"NtSetSystemEnvironmentValueEx": 349,
"NtSetSystemInformation": 350,
"NtSetSystemPowerState": 351,
"NtSetSystemTime": 352,
"NtSetThreadExecutionState": 353,
"NtSetTimer": 354,
"NtSetTimerEx": 355,
"NtSetTimerResolution": 356,
"NtSetUuidSeed": 357,
"NtSetValueKey": 358,
"NtSetVolumeInformationFile": 359,
"NtShutdownSystem": 360,
"NtShutdownWorkerFactory": 361,
"NtSignalAndWaitForSingleObject": 362,
"NtSinglePhaseReject": 363,
"NtStartProfile": 364,
"NtStopProfile": 365,
"NtSuspendProcess": 366,
"NtSuspendThread": 367,
"NtSystemDebugControl": 368,
"NtTerminateJobObject": 369,
"NtTerminateProcess": 370,
"NtTerminateThread": 371,
"NtTestAlert": 372,
"NtThawRegistry": 373,
"NtThawTransactions": 374,
"NtTraceControl": 375,
"NtTraceEvent": 376,
"NtTranslateFilePath": 377,
"NtUmsThreadYield": 378,
"NtUnloadDriver": 379,
"NtUnloadKey": 380,
"NtUnloadKey2": 381,
"NtUnloadKeyEx": 382,
"NtUnlockFile": 383,
"NtUnlockVirtualMemory": 384,
"NtUnmapViewOfSection": 385,
"NtVdmControl": 386,
"NtWaitForDebugEvent": 387,
"NtWaitForKeyedEvent": 388,
"NtWaitForMultipleObjects": 389,
"NtWaitForMultipleObjects32": 390,
"NtWaitForSingleObject": 391,
"NtWaitForWorkViaWorkerFactory": 392,
"NtWaitHighEventPair": 393,
"NtWaitLowEventPair": 394,
"NtWorkerFactoryWorkerReady": 395,
"NtWriteFile": 396,
"NtWriteFileGather": 397,
"NtWriteRequestData": 398,
"NtWriteVirtualMemory": 399,
"NtYieldExecution": 400
}
}